13 Oct 2015
Being a victim of a cybercrime attack is bad for business - we all know that. The clean-up requirements and policy amendments needed to avoid a future attack are costly in terms of resources, expertise and time.
But there are many other headaches to consider.
For instance, if the cyber attack gets public interest, as in the recent cyber attack cases suffered by Ashley Madison, eBay, JP Morgan Chase, Nasdaq, Hacking Team, Target, Home Depot and Adobe, your PR teams and spokespeople must find ways to explain how the breach occured, what the company is doing about it, as well as reassure business partners and customers. And if your company has floated, you also need to consider carefully how you will inform and reassure shareholders.
Even those who have remained unscathed (thus far) by the impact of a cyber attack are continually encouraged to invest strategically in experts, technology and education. After all, no company wants to be headline news for being a cyber attack victim.
And just when you thought dealing with cybercrime couldn’t get more expensive and complex, another industry is looking to nudge its way in: insurance companies.
Allianz reported last month that global cyber insurance market is forecasted to grow to more than $20 billion USD by 2025. The top five countries in term of cybercrime costs are the US, China, Japan, Germany and France. The UK comes in at number six and India holds tenth place.
More worringly, U.S. insurers have massively increased their premiums, ”leaving firms that are perceived to be high risk scrambling for cover.” according to Newsman. Deductibles are also being increased, and limits on coverage in some cases are capped at $100 million USD, leaving large corporations exposed to losses that can far surpass the cover.
Part of the reason for the massive hike in cyber insurance costs may be down to the increase in breaches making headlines around the globe. Insurance companies do not have decades of historical data to base their cyber attack calculations upon. In other words, cyber insurance is still in its infancy. It is no surprise that insurance companies do not want to turn down this new cash flow, but they also don’t want to go bust should the payouts exceed expected forecasts.
Garrett Droege, who runs an association of companies that offer cyber insurance, explains “Insurers are being selective because the ultimate risk they're taking is not well understood… The (cyber) market is still very, very juvenile,” reports NPR.
Only about one in five companies is currently insured against cybercrime losses, according to NPR. No doubt the insurance companies are going to encourage more businesses and organisations to get on the bandwagon.
So, while insurance companies figure out the best price performance, we can expect cybercrime to continue costing businesses more every year. This forecast is unlikely to change, unless the security industry and policing authorities band together to build an effective global alliance to effectively reduce hackers’ incentive to steal, embarrass and, in some cases, cripple institutions.
To learn about these and other new IT threats, check out AKJ Associates' security conference series. With security events held throughout the year all around the world, it’s the place to be for IT security.
Carole Theriault - Tick Tock Social
AKJ Associates' consultant
Tags: insurance cybercrime hacker security organisation shareholders high-profile